From 37f7eb6e46aa98bbd406d14945e6c57c53693921 Mon Sep 17 00:00:00 2001
From: Meysam Azad <meysam@developer-friendly.blog>
Date: Sun, 12 Jan 2025 20:40:17 +0700
Subject: [PATCH] feat: starting to write the nixos hetzner snapshot

---
 .../posts/2025/002-packer-hetzner/README.md   |  58 +++++++
 .../packer/nixos-hetzner.pkr.hcl              | 156 ++++++++++++++++++
 docs/static/subscribe.js                      |   2 -
 3 files changed, 214 insertions(+), 2 deletions(-)
 create mode 100644 docs/blog/posts/2025/002-packer-hetzner/README.md
 create mode 100644 docs/blog/posts/2025/002-packer-hetzner/packer/nixos-hetzner.pkr.hcl

diff --git a/docs/blog/posts/2025/002-packer-hetzner/README.md b/docs/blog/posts/2025/002-packer-hetzner/README.md
new file mode 100644
index 0000000..29e6932
--- /dev/null
+++ b/docs/blog/posts/2025/002-packer-hetzner/README.md
@@ -0,0 +1,58 @@
+---
+date: 2025-01-12
+draft: true
+---
+
+# Packer: How to Build NixOS 24 Snapshot on Hetzner Cloud
+
+Packer is a powerful tool to create immutable images, with support for various
+cloud providers.
+
+In this blog post, I share how I built a NixOS 24 snapshot using Packer on
+Hetzner Cloud.
+
+If you're a fan of NixOS or want to learn more about Packer, this post is for
+you.
+
+<!-- more -->
+
+## Introduction
+
+I have been on the sidelines waiting for an opportunity to dip my toes into the
+NixOS ecosystem.
+
+I have been hearing a lot of good things about it and I wanted to see what the
+fuss was all about.
+
+Additionally, I have been using Hetzner Cloud for a while now, both personally
+and professionally in production setups.
+
+I thought it would be a good idea to combine the two and see what I can come up
+with.
+
+## Prerequisites
+
+- Packer v1.11 installed on your local machine[^packer]
+- Hetzner Cloud account with an API token
+    - Use my referral code to get €20 in credits :grimacing::
+      <https://hetzner.cloud/?ref=ai5E5vaX1J71>
+
+## Getting Started
+
+There are various ways of installing NixOS, and I found it somehow confusing
+that the docs are scattered all over the internet, not making it easy for
+beginners to get started.
+
+High barrier to entry is perhaps one of the reasons why NixOS is not as
+wide-spread as other Linux distributions!
+
+## Packer Configuration
+
+If you know, you know, and if you don't, I'll explain the file as much as
+possible in a bit.
+
+```hcl title="nixos-hetzner.pkr.hcl"
+-8<- "docs/blog/posts/2025/002-packer-hetzner/packer/nixos-hetzner.pkr.hcl"
+```
+
+[^packer]: https://developer.hashicorp.com/packer/install
diff --git a/docs/blog/posts/2025/002-packer-hetzner/packer/nixos-hetzner.pkr.hcl b/docs/blog/posts/2025/002-packer-hetzner/packer/nixos-hetzner.pkr.hcl
new file mode 100644
index 0000000..59a9c08
--- /dev/null
+++ b/docs/blog/posts/2025/002-packer-hetzner/packer/nixos-hetzner.pkr.hcl
@@ -0,0 +1,156 @@
+packer {
+  required_plugins {
+    hcloud = {
+      version = "< 2.0.0"
+      source  = "github.com/hetznercloud/hcloud"
+    }
+  }
+}
+
+variable "hcloud_token" {
+  type      = string
+  sensitive = true
+  default   = env("HCLOUD_TOKEN")
+}
+
+variable "ssh_public_key" {
+  type    = string
+  default = ""
+}
+
+locals {
+  timestamp      = regex_replace(timestamp(), "[- TZ:]", "")
+  ssh_public_key = var.ssh_public_key != "" ? var.ssh_public_key : file(pathexpand("~/.ssh/hetzner-nixos.pub"))
+
+  nixos_version   = "24.11"
+  nixpkgs_version = "branch-off-24.11"
+}
+
+source "hcloud" "nixos" {
+  image         = "debian-12"
+  rescue        = "linux64"
+  location      = "nbg1"
+  server_type   = "cax31"
+  snapshot_name = "nixos-${local.timestamp}"
+  snapshot_labels = {
+    os        = "nixos"
+    timestamp = local.timestamp
+  }
+  ssh_username = "root"
+  token        = "${var.hcloud_token}"
+}
+
+build {
+  sources = ["source.hcloud.nixos"]
+
+  provisioner "file" {
+    content     = <<-EOF
+      #!/bin/bash
+      set -eux
+
+      export DEBIAN_FRONTEND=noninteractive
+      apt update
+      apt install -y squashfs-tools
+
+      # ref: https://gist.github.com/chris-martin/4ead9b0acbd2e3ce084576ee06961000
+      wget https://channels.nixos.org/nixos-${local.nixos_version}/latest-nixos-minimal-$(uname -m)-linux.iso -O nixos.iso
+
+      mkdir nixos
+      mount -o loop nixos.iso nixos
+
+      mkdir /nix
+      unsquashfs -d /nix/store nixos/nix-store.squashfs
+
+      NIXOS_INSTALL=$(find /nix/store -path '*-nixos-install/bin/nixos-install')
+      NIX_INSTANTIATE=$(find /nix/store -path '*-nix-*/bin/nix-instantiate')
+      NIXOS_GENERATE_CONFIG=$(find /nix/store -path '*-nixos-generate-config/bin/nixos-generate-config')
+      export PATH="$(dirname $NIXOS_INSTALL):$(dirname $NIX_INSTANTIATE):$(dirname $NIXOS_GENERATE_CONFIG):$PATH"
+
+      groupadd --system nixbld
+      useradd --system --home-dir /var/empty --shell $(which nologin) -g nixbld -G nixbld nixbld0
+
+      wget https://github.com/NixOS/nixpkgs/archive/refs/tags/${local.nixpkgs_version}.zip -O nixpkgs.zip
+      unzip nixpkgs.zip
+      mv nixpkgs-* nixpkgs
+      export NIX_PATH=nixpkgs=$HOME/nixpkgs
+
+      parted -s /dev/sda -- mklabel gpt
+      parted -s /dev/sda -- mkpart root xfs 512MB -2GB
+      parted -s /dev/sda -- mkpart swap linux-swap -2GB 100%
+      parted -s /dev/sda -- mkpart ESP fat32 1MB 512MB
+      parted -s /dev/sda -- set 3 esp on
+
+      mkfs.ext4 -L nixos /dev/sda1
+      mkswap -L swap /dev/sda2
+      mkfs.fat -F 32 -n boot /dev/sda3
+
+      mount /dev/disk/by-label/nixos /mnt
+      mkdir -p /mnt/boot
+      mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
+      swapon /dev/sda2
+
+      mkdir /mnt/nix
+      unsquashfs -d /mnt/nix/store nixos/nix-store.squashfs
+
+      nixos-generate-config --root /mnt
+
+      cat > /mnt/etc/nixos/configuration.nix <<EOL
+      { config, pkgs, ... }:
+      {
+        imports = [ ./hardware-configuration.nix ];
+
+        boot.loader.systemd-boot.enable = true;
+        boot.loader.efi.canTouchEfiVariables = true;
+
+        environment.systemPackages = with pkgs; [
+          vim
+          git
+          wget
+          curl
+          tmux
+          openssh
+          pkgs.util-linux
+        ];
+
+        networking.hostName = "nixos";
+        networking.networkmanager.enable = true;
+
+        services.openssh.enable = true;
+        services.openssh.settings.PermitRootLogin = "prohibit-password";
+
+        users.users.root.openssh.authorizedKeys.keys = [
+          "${var.ssh_public_key}"
+        ];
+
+        system.stateVersion = "${local.nixos_version}";
+      }
+      EOL
+
+      nixos-install --no-root-passwd --root /mnt
+
+      rm -rf /mnt/root/.nix-profile
+      rm -rf /mnt/root/.nix-defexpr
+      rm -rf /mnt/root/.nix-channels
+
+      rm -rf /tmp/*
+      nix-collect-garbage -d
+      rm -rf /var/log/*
+    EOF
+    destination = "/tmp/install.sh"
+    direction   = "upload"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "chmod +x /tmp/install.sh",
+      "/tmp/install.sh",
+    ]
+  }
+
+  provisioner "shell" {
+    inline = [
+      "rm -f /tmp/install.sh",
+      "sync",
+    ]
+  }
+}
diff --git a/docs/static/subscribe.js b/docs/static/subscribe.js
index 510884b..25e459a 100644
--- a/docs/static/subscribe.js
+++ b/docs/static/subscribe.js
@@ -82,8 +82,6 @@ document$.subscribe(async function prepareSubForm() {
   }
 
   async function renderSubscriptionForm() {
-    console.log("Fetching newsletter subscription form...");
-
     var response = await fetch("https://newsletter.developer-friendly.blog");
     if (response.status == 200) {
       document